David Strom writes in the New York Times about how to stop your commercially sensitive data from falling into the wrong hands:
As more small businesses rely on e-mail and instant messaging for their communications, they would do well to use a number of inexpensive methods to preserve privacy and ensure that messages are read only by the intended recipient.
Even the smallest of businesses can make use of these security tips and tools, none of which requires a computer guru for setup or maintenance:
HANG ON TO YOUR LAPTOP In a survey by RSA Security, 10 percent of the respondents acknowledged they had lost their laptops or cellphones at some point. An obvious remedy is to keep the computer with you, rather than leaving it in a hotel room or locked car.
“I had a laptop stolen about six years ago,” said Chris Angelini, managing editor of Tom’s Hardware, a Web site that reviews and recommends computer products. “Then I bought a smaller laptop just so I could take it everywhere with me.”
Michael Callahan, chief marketing officer of Credant Technologies, a data security company based in Addison, Tex., said: “The real cost of losing all this data isn’t the price of the hardware. It is the cost to replace all your customer information.”
LOCK OUT OTHERS When it’s not possible or practical to keep physical possession of the computer, you can take a number of protective measures to ensure that only its owner has access. One of the simplest is to use the built-in fingerprint reader on your laptop, if it has one.
Another option is to secure a laptop’s files with an encryption program like TrueCrypt (truecrypt.org), which is free, or PGP Endpoint, which sells for $50 (pgp.com). These programs render all the files indecipherable if the laptop falls into the wrong hands. Some USB flash drives also come with encryption software.
ADD THE ‘S’ Travelers should take care to type “https” at the beginning of all their sensitive Web site addresses (like those of banks), especially when using a computer in a public place. Web browsers normally use the hypertext transfer protocol (http), but many sites (not all) also accept https connections, which provide extra security. Users of Google’s Gmail can automatically force secure connections with an options setting in the program.
OUTSOURCE E-MAIL Businesses no longer need to run their own e-mail networks, because many inexpensive alternatives will rent them as many mailboxes as needed. These providers will manage the entire e-mail process and offer a full collection of features, including the ability to screen and block messages that contain spam and viruses.
Google’s Gmail is free, or $50 a mailbox a year for those who require more support. Other services are more specialized, like 123together.com, which offers to host a company’s e-mail on its Microsoft Exchange servers for $10 a mailbox a month.
ENCRYPT E-MAIL Individual e-mail messages that contain sensitive information like customer or financial data can be encrypted with security software. Unencrypted e-mail could be easily intercepted and read if sent over the Internet in ordinary text. The simplest way to encrypt e-mail is with a service like PGP Universal (which comes with various options and at a wide range of prices at pgp.com) or Voltage Security Network ($65 a person a year at voltage.com). Of course, recipients of your messages will need software that can decrypt what you’ve sent.
BLOCK OUTSIDERS Ensure secure access to an office network when you’re traveling with a virtual private network. This will prevent anyone from monitoring your communications and is particularly important when using a public network or otherwise sharing Internet access with strangers.
The options include LogMeIn Hamachi ($40 a year at logmein.com) or the free software from OpenVPN.net. With one of these on your computer, you can open, copy and save files from your office network without having to worry about a hacker reading over your shoulder.
“Hamachi allows us to connect to hundreds of our customers and monitor live videos of our security cameras discreetly and without having to worry about being compromised by unauthorized users,” said Ben Molloy, vice president of Pro-Vigil Inc. in San Antonio, which provides off-hours video security monitoring for construction sites.
Granted, all these security measures require some work. “Until you see the light and the need for these products, such as with a stolen laptop or lost data, no one else is going to be able to motivate you to use them,” says Sean Steele, a data security consultant from InfoLock Technologies in Arlington, Va. “A single data breach could easily cost several orders of magnitude more than any of these solutions.”